Bankers Life Hack Affects More Than 566,000: Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized third parties to gain access to certain company websites containing personal data on policyholders and applicants, the insurer says. BankInfoSecurity, November 8, 2018

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service: A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes. KrebsOnSecurity, November 8, 2018

Information Security Management in the Organization

Information Security Management and Governance

Eight steps to a stronger cybersecurity strategy: If there’s an attack on the country, the military mobilizes. When a natural disaster strikes, recovery plans go into effect. Should an infectious disease start to spread, health officials launch a containment strategy. Phys.org, November 8, 2018

Cybersecurity Pitfalls CEOs Should Avoid: Until recently, chief executive officers received information and reports encouraging them to consider information and cyber security risk. However, not all of them understood how to respond to those risks and the implications for their organizations. A thorough understanding of what happened, and why it is necessary to properly understand and respond to underlying risks, is needed by the CEO, as well as all members of an organization’s board of directors, in today’s global business climate. Without this understanding, risk analyses and resulting decisions may be flawed, leading organizations to take on greater risk than intended. Chief Executive, November 8, 2018

Cyber Defense

Learn to play defense by hacking these broken web apps: The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers, and security-curious management to flex their offensive muscle in the safety of a virtual machine on their own laptop. CSO, November 9, 2018

Cyber Talent

The Mad Dash to Find a Cybersecurity Force: A stunning statistic is reverberating in cybersecurity: An estimated 3.5 million cybersecurity jobs will be available but unfilled by 2021, according to predictions from Cybersecurity Ventures and other experts. The New York Times, November 7, 2018

Busting SIM Swappers and SIM Swap Myths: KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. KrebsOnSecurity, November 7, 2018

Microsoft wants to work with Trump and Congress on cybersecurity: Speaking to CNBC at the 2018 Web Summit in Lisbon, Portugal, Brad Smith said Microsoft wanted to address the “fundamental question” of safeguarding the population against cyber threats — but he said the outcome of the midterm election would not hinder that mission. CNBC, November 7, 2018

Cyber Law

We need stronger cybersecurity laws for the Internet of Things: Due to ever-evolving technological advances, manufacturers are connecting consumer goods — from toys to lightbulbs to major appliances — to the internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare. Bruce Schneier, CNN, November 10, 2018

Critical Infrastructure

Smart Cities Challenge: Real-Time Risk Management: Many of the devices that go into so-called smart cities and buildings are not built to be secure, says Sarb Sembhi of Virtually Informed. As a result, managing risk – ideally in real time – can be challenging and leave organizations and individuals at greater risk of cybercrime, he says. BankInfoSecurity, November 7, 2018
